From b0dd10f8171945e0c1f3527dd1e9d18b043e01a7 Mon Sep 17 00:00:00 2001 From: admin Date: Fri, 25 Aug 2006 17:25:49 +0000 Subject: Initial Import --- user_guide/libraries/input.html | 207 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 207 insertions(+) create mode 100644 user_guide/libraries/input.html (limited to 'user_guide/libraries/input.html') diff --git a/user_guide/libraries/input.html b/user_guide/libraries/input.html new file mode 100644 index 000000000..0878f9d1e --- /dev/null +++ b/user_guide/libraries/input.html @@ -0,0 +1,207 @@ + + + + +Code Igniter User Guide + + + + + + + + + + + + + + + + + + + + + + +
+ + + + + +

Code Igniter User Guide Version 1.4.0

+
+ + + + + + + + + +
+ + +
+ + + +
+ + +

Input Class

+ +

The Input Class serves two purposes:

+ +
    +
  1. It pre-processes global input data for security.
  2. +
  3. It provides some helper functions for fetching input data and pre-processing it.
  4. +
+ +

Note: This class is initialized automatically by the system so there is no need to do it manually.

+ + +

Security Filtering

+ +

The security filtering function is called automatically when a new controller is invoked. It does the following:

+ + + + +

XSS Filtering

+ +

Code Igniter comes with a Cross Site Scripting Hack prevention filter which can either run automatically to filter +all POST and COOKIE data that is encountered, or you can run it on a per item basis. By default it does not +run globally since it requires a bit of processing overhead, and since you may not need it in all cases.

+ +

The XSS filter looks for commonly used techniques to trigger Javascript or other types of code that attempt to hijack cookies +or do other malicious things. If anything disallowed is encountered it is rendered safe by converting the data to character entities.

+ +

+Note: This function should only be used to deal with data upon submission. It's not something that should be used for general runtime processing since it requires a fair amount of processing overhead.

+ + +

To filter data through the XSS filter use this function:

+ +

$this->input->xss_clean()

+ +

Here is an usage example:

+ +$data = $this->input->xss_clean($data); + +

If you want the filter to run automatically every time it encounters POST or COOKIE data you can enable it by opening your +application/config/config.php file and setting this: + +$config['global_xss_filtering'] = TRUE; + +

Note: If you use the form validation class, it gives you the option of XSS filtering as well.

+ + + + +

Using POST or COOKIE Data

+ +

Code Igniter comes with two helper functions that let you fetch POST or COOKIE items. The main advantage of using the provided +functions rather then fetching an item directly ($_POST['something']) is that the functions will check to see if the item is set and +return false (boolean) if not. This lets you conveniently use data without having to test whether an item exists first. +In other words, normally you might do something like this: + + +if ( ! isset($_POST['something']))
+{
+    $something = FALSE;
+}
+else
+{
+    $something = $_POST['something'];
+}
+ +

With Code Igniter's built in functions you can simply do this:

+ +$something = $this->input->post('something'); + +

The two functions are:

+ +

$this->input->post()

+ +

The first parameter will contain the name of the POST item you are looking for:

+ +$this->input->post('some_data'); + +

The function returns FALSE (boolean) if the item you are attempting to retrieve does not exist.

+ +

The second optional parameter lets you run the data through the XSS filter. It's enabled by setting the second parameter to boolean TRUE;

+ +$this->input->post('some_data', TRUE); + +

$this->input->cookie()

+ +

This function is identical to the post function, only it fetches cookie data:

+ +$this->input->cookie('some_data', TRUE); + + + + +

$this->input->ip_address()

+

Returns the IP address for the current user. If the IP address is not valid, the function will return an IP of: 0.0.0.0

+echo $this->input->ip_address(); + + +

$this->input->valid_ip($ip)

+ +

Takes an IP address as input and returns TRUE or FALSE (boolean) if it is valid or not. Note: The $this->input->ip_address() function above +validates the IP automatically.

+ +if ( ! valid_id($ip))
+{
+     echo 'Not Valid';
+}
+else
+{
+     echo 'Valid';
+}
+ + +

$this->input->user_agent()

+

Returns the user agent (web browser) being used by the current user. Returns FALSE if it's not available.

+echo $this->input->user_agent(); + + + + +
+ + + + + + + \ No newline at end of file -- cgit v1.2.3-24-g4f1b
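Review bot: The sample under $this->input->valid_ip($ip) calls `valid_id($ip)`, a name that is documented nowhere on this page and does not match the heading; as written, a reader who copies it gets an undefined-function error instead of a validation result. It should read `if ( ! $this->input->valid_ip($ip))`, matching the `$this->input->...` form every other sample here uses. Also, in the lines shown, the Security Filtering section stops at "It does the following:" with no list after it, so the page never says what the automatic filter actually does to input; add the list or drop the sentence. Minor wording: "Here is an usage example" should be "a usage example", and "rather then fetching" should be "rather than fetching".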